Rebirth of CISPA, but 'concerns haven't gone away'

The controversial CISPA cybersecurity bill is back — and so is the battle as to whether it’s perilous for Americans’ civil liberties.

The authors of the so-called Cyber Information Sharing and Protection Act revived their measure this week with the insistence that it won’t result in a Web user’s private data landing in the hands of the feds. But there’s still a sense among some lawmakers and consumer groups that the bill lacks strong, proper legal checks.

Text Size

“The text is largely the same as last year, and the concerns haven’t gone away,” said Rep. Adam Schiff (D-Calif.), who spoke with POLITICO after a hearing on the bill Thursday.

“The need to act certainly has intensified,” Schiff added, though he said nothing so far indicated to him “the challenges are insurmountable.”

CISPA emerged in 2012 as the House’s lead salvo in the broader cybersecurity debate. Its top backers, Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), hoped to help the federal government and private sector share data in real time and better defend against crippling cyberattacks.

The bill, however, quickly proved divisive. While most of Washington coalesced around the need behind information sharing, some lawmakers and privacy hawks felt CISPA in particular would have granted government too easy access to Americans’ private information.

Rogers and Ruppersberger campaigned to address those criticisms through a series of amendments offered during floor debate — and in the end, they mustered enough support to pass their bill. But CISPA never even had the chance for floor time in the Senate, where lawmakers instead hoped to tackle information sharing as part of a broader bill focused on critical infrastructure. The White House, meanwhile, initially threatened to veto the House’s work — though the pledge came before any tweaks had been made.

As the debate begins anew in 2013, Rogers and Ruppersberger feel they have new momentum to advance CISPA through Congress. For one thing, the executive order signed by President Barack Obama on Tuesday handles one of the thorniest issues in the cyberfight — critical infrastructure — and eases some of the political pressure on Congress, Ruppersberger told POLITICO Thursday.

The American Civil Liberties Union and others have resumed sounding their alarms about the bill because it still lacks language explicitly requiring companies to strip personally identifiable information from any data exchanged through the program. That change has allies on Capitol Hill — including Schiff, who ultimately voted against CISPA in 2012.